Best Practices with Single Sign-On – Assess Your Organization's Readiness

This checklist is designed to offer guidance to decision makers in enterprises, small and mid-tier organizations, government agencies and other organizations when assessing single sign-on (SSO) systems, and to SSO developers, so they can ensure that the system they provide is equipped to detect the possibility of identification and authentication credentials being exchanged.

This checklist will provide you with:

  • The most important metrics to consider
  • Making sure that your SSO system is fully SSO enabled
  • A handy matrix form for you to see what each vendor has to offer

Checklist for Single Sign-on Systems

Key Metrics: does the SSO support the following?

Application Integration
  • On-premises
  • On cloud
  • Hybrid
Community Support
  • Employees
  • Contractors
  • Partners/Vendors
  • Customers
End users or customers
  • Facebook
  • Google
Password Vaulting vs True SSO
  • User enters a username and password to access apps/sites
  • User logs in once to access apps/sites
Open Standards
  • SAML
  • OpenID Connect
  • OAuth 2
  • WS-Federation
Mobile Users
  • SSO for mobile devices
  • Works with various devices via SAML and MDM vendors
  • MFA (multi-factor authentication) tool
Meets security and regulatory compliance
  • SOC 2 Type 2
  • ISO 27117
  • ISO 2701
  • ISO 27001
  • CSA Star
  • TRUSTe
  • US Privacy Shield
  • Skyhigh Enterprise-Ready
  • GDPR
  • EU Model Contract Clauses
  • NIST Cybersecurity Framework
  • Vendor penetration, network and bug tests
Disaster Recovery / Availability
  • 99.99% availability
  • Across data centers located across regions
  • Replication and redundancy across regions
High usability features
  • Single portal for apps
  • Integration with different browsers
  • Easy login process
  • Easy app access process
  • Users can reset passwords on their own
Enterprise access
  • Integrates with VPN
  • Integrates with Wi-Fi for app access
  • Endpoint integration with RADIUS and LDAP
Authentication
  • MFA
  • Adaptive authentication
  • Automated authentication
  • X.509-based certificates
Authorization Management
  • RBAC (role-based access control)
  • Provisioning and de-provisioning of user access in apps
Integration features
  • Seamless integration with in-house custom apps through API
  • Seamless deployment of SSO without disturbing existing apps
Federation
  • Existing identity providers like Microsoft Active Directory (AD)
  • Amazon AD
  • LDAP
  • Google directory
  • Human resource management systems such as Workday, SuccessFactors
Password rules
  • Setting a new password when the old one expires
  • Set password complexity, such as length and character classes
  • Reduce support tickets during expiration notifications
  • MFA requirements for password resets if MFA is used
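The four password-rule items above can be checked mechanically. The following is an added example, not code from the page or from any SSO vendor: a small password-policy enforcer covering complexity, expiry with a warning window (the proactive notice that keeps expiry-time support tickets down), and MFA-gated self-service resets. The policy values (12 characters, 90-day rotation, 14-day warning) are assumptions.

```python
"""Added example, not from the page or any SSO vendor: a small password-policy
enforcer for the checklist's password-rule items. Policy values are assumptions."""
from dataclasses import dataclass
from datetime import date


@dataclass
class PasswordPolicy:
    min_length: int = 12              # assumed value
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_symbol: bool = True
    max_age_days: int = 90            # assumed rotation period
    warn_days_before_expiry: int = 14 # assumed warning window
    mfa_required_for_reset: bool = True


def complexity_violations(password: str, policy: PasswordPolicy) -> list[str]:
    """Return the rules the candidate password breaks (empty list = compliant)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_upper and not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if policy.require_lower and not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if policy.require_digit and not any(c.isdigit() for c in password):
        problems.append("no digit")
    if policy.require_symbol and not any(not c.isalnum() for c in password):
        problems.append("no symbol")
    return problems


def expiry_status(last_changed: str, today: str, policy: PasswordPolicy) -> str:
    """Dates are ISO strings (YYYY-MM-DD). Returns 'ok', 'expiring' or 'expired'."""
    age_days = (date.fromisoformat(today) - date.fromisoformat(last_changed)).days
    if age_days >= policy.max_age_days:
        return "expired"
    if age_days >= policy.max_age_days - policy.warn_days_before_expiry:
        return "expiring"   # send the notice here, before the helpdesk ticket arrives
    return "ok"


def reset_allowed(mfa_verified: bool, policy: PasswordPolicy) -> bool:
    """A self-service reset is honoured only if the MFA requirement is satisfied."""
    return mfa_verified or not policy.mfa_required_for_reset


if __name__ == "__main__":
    policy = PasswordPolicy()
    print(complexity_violations("short", policy))
    print(complexity_violations("Tr0ub4dor&3xample", policy))
    print(expiry_status("2024-01-01", "2024-03-25", policy))
    print(reset_allowed(mfa_verified=False, policy=policy))
```

Each function returns a value rather than raising, so a login flow can show the user every rule a candidate password breaks at once, and the expiry state can drive a notification job independently of the login path.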
Developer Support - custom apps and third-party systems
  • API support
  • SSO registration
  • SDK for major platforms and languages
  • OpenID Connect
Compliance based reporting
  • External authorization to third-party SIEM solutions
  • Audit trails
User Behaviour Analytics (UBA)
  • Allow blacklisting and whitelisting of geo-locations and IPs
  • Set responses to high-risk login attempts
  • Re-authentication to access certain apps with MFA tools
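The three UBA items above, together with the audit-trail item under "Compliance based reporting", describe a risk-based login policy. The following is an added example, not code from the page or from any SSO vendor: an IP and geo-location allow/deny check, an additive risk score that drives a graded response (allow, MFA step-up, block), MFA re-authentication for a set of sensitive apps, and a JSON audit line per decision for shipping to a SIEM. All networks (RFC 5737 documentation ranges), country codes (ISO 3166 user-assigned placeholders "AA" and "ZZ"), app names, weights and thresholds are constructed assumptions.

```python
"""Added example, not from the page or any SSO vendor: a risk-based login
evaluator for the UBA checklist items, emitting an audit record per decision.
Networks, country codes, app names, weights and thresholds are assumptions."""
import ipaddress
import json
from dataclasses import dataclass, asdict


@dataclass
class LoginAttempt:
    user: str
    app: str
    source_ip: str
    country: str                    # assumed to come from an upstream GeoIP lookup
    failed_attempts_last_hour: int
    new_device: bool
    mfa_completed: bool


# Constructed policy: RFC 5737 documentation ranges and user-assigned country codes.
TRUSTED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]   # e.g. corporate egress
DENIED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]     # IP blacklist
ALLOWED_COUNTRIES = {"AA"}                                     # geo whitelist (placeholder)
SENSITIVE_APPS = {"payroll", "admin-console"}                  # always require MFA
BLOCK_THRESHOLD = 100
STEP_UP_THRESHOLD = 40


def risk_score(attempt: LoginAttempt) -> int:
    """Additive score; higher means riskier. Weights are assumptions."""
    ip = ipaddress.ip_address(attempt.source_ip)
    score = 0
    if any(ip in net for net in DENIED_NETWORKS):
        score += 100                               # blacklisted source always blocks
    if attempt.country not in ALLOWED_COUNTRIES:
        score += 40                                # outside the geo whitelist
    if not any(ip in net for net in TRUSTED_NETWORKS):
        score += 10                                # not from a trusted range
    if attempt.new_device:
        score += 20                                # unseen device fingerprint
    score += min(attempt.failed_attempts_last_hour, 5) * 10   # guessing signal, capped
    return score


def decide(attempt: LoginAttempt) -> str:
    """Graded response: 'allow', 'step_up_mfa' or 'block'."""
    score = risk_score(attempt)
    if score >= BLOCK_THRESHOLD:
        return "block"
    needs_mfa = attempt.app in SENSITIVE_APPS or score >= STEP_UP_THRESHOLD
    if needs_mfa and not attempt.mfa_completed:
        return "step_up_mfa"     # re-authentication with an MFA factor
    return "allow"


def audit_record(attempt: LoginAttempt) -> str:
    """One JSON line per decision, suitable for forwarding to a SIEM."""
    record = asdict(attempt)
    record.update(risk_score=risk_score(attempt), decision=decide(attempt))
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample attempts.
    samples = [
        LoginAttempt("alice", "wiki", "198.51.100.7", "AA", 0, False, False),
        LoginAttempt("alice", "payroll", "198.51.100.7", "AA", 0, False, False),
        LoginAttempt("bob", "wiki", "192.0.2.10", "ZZ", 1, True, False),
        LoginAttempt("mallory", "wiki", "203.0.113.5", "AA", 0, False, True),
    ]
    for sample in samples:
        print(audit_record(sample))
```

The denylist weight alone exceeds the block threshold, so a blacklisted IP is refused even when MFA has already been completed, while a sensitive app triggers MFA regardless of score; the same audit line is written in every case, which is what gives the SIEM a complete trail of both allowed and refused attempts.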
Data processing model
  • Where identity data is processed and stored